Bank Hack Tales: When What’s Old is New Again

More and more, corporate boards are mandating cyber insurance to transfer risk, but watch out, because you might not get what you paid for. A recent International Monetary Fund (IMF) report estimates that annual banking losses could be as high as “9% of net income or $100 billion annually.

Bank breaches impact the viability of both the bank and the customer’s ability to transfer funds or access our accounts. JP Morgan reports that “78% of companies were targets of payment fraud last year… 54% of business email compromise (BEC) scams targeted wires and 28% were subject to ACH debit fraud.”

In the 2016 Bangladesh Bank cyber heist, $81 million disappeared in no time, and – but for a typo made by the hackers – it could have been $1 billion. The SWIFT messaging system serves over 11,000 banks and relies on each bank to keep access to its service secure.

More recently, the Bank of Chile lost $10 million to hackers after SWIFT was used to send the money to Hong Kong. The bank is now working with insurers to recoup its losses. Bloomberg reports that in May of this year, $15 million was stolen from Banxico, as hackers attacked the domestic payments system SPEI. And Bancomext was targeted by North Korean hackers attempting to steal $110 million and resulted in the international payments system being frozen across the country.

Criminal syndicates have been using malware for years in multi-stage attacks that take advantage of unpatched systems, untrained users and weak processes. These kinds of hackers are incredibly patient and creative.

Industry veteran Scott Scheferman described the attackers as “a criminal ring with many operative layers that work in coordination…. it’s not unusual at all for the threat to stay in ‘monitor’ mode for extended periods of (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Barnaby Page. Read the original post at: